Documentation
Overview
Package scanner provides secret scanning functionality using gitleaks.
Index
- Variables
- type Finding
- type GitleaksScanner
- func (s *GitleaksScanner) LoadIgnoreFile(directory string) error
- func (s *GitleaksScanner) Scan(ctx context.Context, path string, scanConfig *ScanConfig) (*ScanResult, error)
- func (s *GitleaksScanner) ScanFile(ctx context.Context, path string, scanConfig *ScanConfig) (*ScanResult, error)
- func (s *GitleaksScanner) ScanString(_ context.Context, content string) *ScanResult
- type ScanConfig
- type ScanResult
- type Scanner
Variables
var ErrSecretsFound = errors.New("secrets found")
ErrSecretsFound signals secrets were detected (used for exit code mapping)
Types
type Finding
type Finding struct {
	Description string
	File        string
	Fingerprint string // Unique identifier for .gitleaksignore
	Line        int
	Match       string // Redacted snippet
	RuleID      string
	Secret      string // Redacted
}
Finding represents a detected secret
type GitleaksScanner
type GitleaksScanner struct {
	// contains filtered or unexported fields
}
GitleaksScanner implements Scanner using embedded gitleaks
func NewGitleaksScanner
func NewGitleaksScanner() (*GitleaksScanner, error)
NewGitleaksScanner creates a scanner with default gitleaks config
func (*GitleaksScanner) LoadIgnoreFile (added in v0.7.0)
func (s *GitleaksScanner) LoadIgnoreFile(directory string) error
LoadIgnoreFile loads a .gitleaksignore file from the specified directory. Entries in the ignore file are fingerprints that should be excluded from scan results. If the ignore file does not exist, this method returns nil silently, without reporting an error.
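The suppression behaviour described for LoadIgnoreFile, together with the role of ErrSecretsFound, as an added sketch that is not this package's code. Finding, ErrSecretsFound, loadIgnore and filter are local stand-ins; the `file:rule-id:line` fingerprint shape, the `#` comment handling and the exit codes 1 and 2 are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Local stand-ins for the package's Finding (subset of fields) and sentinel error.
type Finding struct{ File, Fingerprint, RuleID string }
var ErrSecretsFound = errors.New("secrets found")

// loadIgnore reads dir/.gitleaksignore into a set; a missing file yields an empty set.
func loadIgnore(dir string) (map[string]bool, error) {
	data, err := os.ReadFile(filepath.Join(dir, ".gitleaksignore"))
	if err != nil && !errors.Is(err, os.ErrNotExist) {
		return nil, err
	}
	ignored := map[string]bool{}
	for _, line := range strings.Split(string(data), "\n") {
		if line = strings.TrimSpace(line); line != "" && !strings.HasPrefix(line, "#") {
			ignored[line] = true
		}
	}
	return ignored, nil
}

// filter drops findings whose fingerprint is ignored; any survivor sets ErrSecretsFound.
func filter(findings []Finding, ignored map[string]bool) (kept []Finding, err error) {
	for _, f := range findings {
		if !ignored[f.Fingerprint] {
			kept, err = append(kept, f), ErrSecretsFound
		}
	}
	return kept, err
}

func main() {
	ignored, err := loadIgnore(".") // no ignore file in the working directory: nothing suppressed
	if err != nil {
		os.Exit(2) // assumed code for operational errors
	}
	sample := []Finding{{"deploy/prod.env", "deploy/prod.env:generic-api-key:7", "generic-api-key"}} // constructed
	if kept, err := filter(sample, ignored); errors.Is(err, ErrSecretsFound) {
		fmt.Println(len(kept), "finding(s) not suppressed")
		os.Exit(1) // assumed code for "secrets found"
	}
}
```

Because a missing ignore file is silent, a typo in the directory argument suppresses nothing rather than failing, so unexpected findings in CI are a prompt to check the path that was loaded.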
func (*GitleaksScanner) Scan
func (s *GitleaksScanner) Scan(ctx context.Context, path string, scanConfig *ScanConfig) (*ScanResult, error)
Scan scans a directory for secrets
func (*GitleaksScanner) ScanFile
func (s *GitleaksScanner) ScanFile(ctx context.Context, path string, scanConfig *ScanConfig) (*ScanResult, error)
ScanFile scans a single file for secrets
func (*GitleaksScanner) ScanString
func (s *GitleaksScanner) ScanString(_ context.Context, content string) *ScanResult
ScanString scans a string for secrets (useful for env vars, commands)
type ScanConfig
ScanConfig holds scanner configuration
func DefaultScanConfig
func DefaultScanConfig() *ScanConfig
DefaultScanConfig returns sensible defaults
type ScanResult
ScanResult contains the results of a secret scan
func (*ScanResult) HasFindings
func (r *ScanResult) HasFindings() bool
HasFindings returns true if any secrets were found
type Scanner
type Scanner interface {
	LoadIgnoreFile(directory string) error
	Scan(ctx context.Context, path string, scanConfig *ScanConfig) (*ScanResult, error)
	ScanFile(ctx context.Context, path string, scanConfig *ScanConfig) (*ScanResult, error)
	ScanString(ctx context.Context, content string) *ScanResult
}
Scanner defines the interface for secret scanning